Basic Threats
1. Theft of password.
2. Email based threats.
3. Email based extortion.
4. Launch of malicious programs.
5. Internet time theft.
Corporate Threats
1. Web Defacement.
2. Corporate espionage.
3. Website based launch of malicious code cheats & frauds.
4. Exchange of criminal ideas and tools.
5. Cyber harassment.
6. Forged websites.
Online Threats
1. Email spamming.
2. Theft of software, electronic records, computer hardware etc.
3. Cyber stalking
4. Email bombing.
5. Morphing.
6. Denial of service attack.
Other Thefts
1. Theft of information.
2. Email forgery.
3. Theft of e-cash, credit card numbers, online bank accounts
etc.
Cyber Crimes
– Dutch gulf war hackers
– Master of downloading.
What is HACKING
Unauthorized use of, or attempts to bypass the security mechanisms of, any information system such as a computer, server or network.
Hackers VS Crackers
Features of a hacker (white hat hacker)
2. Scanning
3. Enumeration
4. System Hacking
5. Trojans and Backdoors
6. Sniffers
7. Denial of Service
8. Social Engineering
9. Session Hijacking
10. Hacking Web Servers
11. Web Application Vulnerabilities
12. Footprinting
Techniques
1. SQL Injection
2. Hacking Wireless Networks
3. Viruses
4. Novell Hacking
5. Linux Hacking
6. Evading IDS, Firewalls and Honey pots
7. Buffer overflow attack
8. Cryptography.
Phases of Hacking
– Could be a future point of return, if noted as an easy point of entry for an attack, once more is known about the target on a broad scale.
– accessible hosts
– open ports
– location of routers
IP Revealed
IP Addresses
a) Every system connected to a network has a unique IP address, which acts as its unique identity on that network.
Instant Messengers
Ask your friend to come online and chat with you.
Case 1:-
If you are chatting on ICQ, the following direct connection exists between your system and your friend's system:
C:\>netstat -n
If you are chatting on some other instant messenger, like Yahoo or MSN, the following indirect connection is made:
C:\>netstat -n
Precautions:-
Proxy Servers
Definition
A proxy server acts as a buffer between you and the Internet, hence it protects your identity on the Internet.
Working:-
Proxy Bouncing
Definition:-
Working:
Tools:- Multiproxy.
Email Headers
– Email service providers add the IP address of the sender to each outgoing email.
– A typical analysis of the email header will tell you the IP address of the computer from which the email originated.
Google mail:-
To obtain Google mail headers
IP Spoofing
Definition:
It is the art of changing your system's IP address so that the target system thinks that you are someone else.
What is a port?
– The first step, once the target computer is decided, is to find out as much information about it as you can.
– In order to break into a system you need to exploit a vulnerability existing in the services offered by it.
– Almost all systems have certain open ports, which have certain services running on them.
– The attacker has to scan the target system for open ports with certain services running and choose which service can be exploited to get root or administrator privileges.
There are two types of ports:
a) First are the hardware ports, which are slots existing behind the CPU cabinet of your system, in which you plug in or connect your hardware. For example:
c) Such a port is basically a virtual pipe through which information goes in and out.
All open ports have a service running on them which provides a certain service to the user who connects to it.
Example:-
Port 25 is always open on a server handling mail. It is the port where the sendmail service runs by default.
The attacker's quest to break into the system is to find out as much information on it as possible:
1. One has to find out the operating system of the target system. This can be done by:
a) Service grabbing.
b) Active fingerprinting.
c) ICMP message.
d) Passive fingerprinting.
2. One has to get a list of services running on the various open ports on the
target system and then decide on a vulnerable service which can be
compromised.
3. Firewall Detection.
a) ICMP message.
b) Banner grabbing.
c) Port scanning.
4. One also needs to look into the details of the network to which the target system belongs, for example how the network is organized, the subnet addresses, etc.
a) Traceroute.
b) ICMP messages.
Port Scanning:-
Definition :-
Port scanning means scanning the target system to obtain the list of open ports, which are listening for connections.
How does the port scanner deduce whether a particular port on the target system is open or closed?
There are various port scanning techniques employed by different port scanners.
– In a manual port scan, when you telnet to a port of a remote host, a full three-way handshake takes place, which means that a complete TCP connection opens.
– This is not a very convenient method. To make it more convenient, many new port scanning techniques have been developed.
[Figure: network diagram showing a hacker, a dial-in modem, a server, the Internet, and a firewall separating outside from inside]
Almost all port scans are based on the client sending a packet to the target port of the system, containing a particular flag.
Socket Pairs.
Socket pairs are combinations of IP addresses and ports.
Example:-
99.99.99.99:25
a) A SYN port scanner sends a TCP packet containing the SYN flag (and the port number) to the remote host.
b) The remote system replies with either SYN/ACK or RST/ACK.
c) If the client receives a SYN/ACK from the server, then the port is in the listening state. However, if the client system receives a RST/ACK then the port is not listening, in other words there is no service running on that particular port.
Detection of the SYN scan:-
C:/windows>netstat -a
1. One can easily counter TCP SYN scans by simply adding rules to the firewall which block such SYN scan attempts.
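Firewall rules that drop SYN probes are one response; the other is to notice a scan in the logs you already keep. The following Python script is an added example, not part of the original notes: it reads constructed firewall log lines in a made-up format (timestamp, source, destination, port, TCP flags) and flags a source that sends bare SYNs to many distinct ports on one host within a short window, which is exactly the pattern the SYN scan described above produces.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the original page). Format, one event per line:
# <ISO timestamp> <src ip> <dst ip> <dst port> <tcp flags>   ("S" = SYN, "SA" = SYN/ACK)
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 192.0.2.10 21 S
2024-01-01T10:00:00 198.51.100.7 192.0.2.10 22 S
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 23 S
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 25 S
2024-01-01T10:00:01 198.51.100.7 192.0.2.10 53 S
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 79 S
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 80 S
2024-01-01T10:00:02 198.51.100.7 192.0.2.10 110 S
2024-01-01T10:00:05 203.0.113.4 192.0.2.10 80 S
2024-01-01T10:00:06 203.0.113.4 192.0.2.10 80 SA
2024-01-01T10:05:00 203.0.113.4 192.0.2.10 443 S
"""


def parse_line(line):
    ts, src, dst, dport, flags = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), flags


def detect_syn_scans(log_text, port_threshold=6, window_seconds=10):
    """Return {src: sorted list of probed ports} for every source that sent
    initial SYNs (flags == "S", no ACK) to at least port_threshold distinct
    ports on a single destination within any window_seconds-long window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, port), ...]
    for line in log_text.strip().splitlines():
        ts, src, dst, dport, flags = parse_line(line)
        if flags == "S":  # only probes; SYN/ACK replies are normal handshakes
            events[(src, dst)].append((ts, dport))

    scanners = defaultdict(set)
    for (src, dst), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):  # sliding window over this source's probes
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {port for _, port in evs[start:end + 1]}
            if len(ports) >= port_threshold:
                scanners[src].update(ports)
    return {src: sorted(ports) for src, ports in scanners.items()}
```

Only 198.51.100.7 is reported: 203.0.113.4 touched two ports five minutes apart, which looks like ordinary traffic.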
TCP FIN scans are very popular. They are mostly used against UNIX systems, as other operating systems, due to the way their stacks are designed, are known to respond to FIN packets sent to open ports with a RST packet. This irregularity in the implementations employed by the various operating systems can also be used for remote OS fingerprinting.
a) The first step is to get a good port scanner, preferably a stealthy one, and then do a port scan on the target system. Most of the stealthy port scanners are detectable, so coding your own port scanner is better. The best port scanners are those which send SYN/FIN packets from a spoofed address or host.
21 FTP
23 Telnet
25 SMTP
53 DNS
79 Finger
80 HTTP
110 POP
111 not useful
389 not useful
512 rlogin
– NMAP
– SATAN
– HPing
– Port Scanners etc.
Try to keep an eye on TCP port 12345 and UDP port 31337. These are the default ports for the popular Trojans NetBus and BO (Back Orifice).
Although there is simply no way one can prevent or stop a client from port scanning your machine, it is highly advisable to use software to detect and track port scanning attempts (for UNIX systems, Scanlogd; for Windows systems, BlackICE).
A daemon banner contains certain information about the daemon running on that particular port, other system information and sometimes the message of the day.
It contains the operating system name, daemon name and version, time and date, etc.
ICMP Scanning
The Internet Control Message Protocol (ICMP) is the de facto protocol used for reporting errors that might have occurred while transferring data packets over a network.
It is extremely useful in information gathering and can be used to find the following:
– Host detection.
– Operating system information.
– Network topography information.
– Firewall detection.
ICMP scanning: Host Detection Technique.
Echo requests or ping messages can easily be filtered at the router level by using the Access Control List (ACL) below:
• OS detection
• Firewall detection
• Network topography information
• Geographical location of the host.
• Remote OS Fingerprinting
• Active Fingerprinting
• Passive Fingerprinting
The underlying concept behind remote OS fingerprinting is the fact that, due to their different stacks, different operating systems respond differently to the same packet sent by some system.
This difference in responses is used as a benchmark for differentiating between various operating systems.
• Active Fingerprinting
In active fingerprinting the attacker performs these operations:
• Passive Fingerprinting:-
Passive fingerprinting is totally anonymous.
– The attacker gets hold of data packets sent by the target host to any other system. A sniffing tool is used to capture the data packets sent by the target system.
– The various fields of these captured data packets are then studied for characteristic values unique to a particular OS:
a) TTL values.
b) The window size.
c) Don't Fragment bit.
d) Type of service (TOS).
For example, if a captured data packet has a window size of 9000, a type of service of 0 and the Don't Fragment bit set, then the host is most probably Windows 9x or Windows NT.
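The passive fingerprinting check above, as an added example that is not from the original notes: it pulls the TTL, TOS and Don't Fragment fields out of a raw IPv4 header and the window size out of the TCP header that follows it, then applies the rule the page states (window 9000, TOS 0, DF set). The packets are constructed in code with a small builder, so no capture file is needed; the rule itself is the only fingerprint applied, everything else is classified as unknown.

```python
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags+frag, ttl, proto, csum, src, dst
TCP_HDR = "!HHIIHHHH"         # sport, dport, seq, ack, offset+flags, window, csum, urgent
IP_DF = 0x4000                # Don't Fragment is bit 14 of the 16-bit flags/fragment field


def extract_fingerprint_fields(packet: bytes) -> dict:
    """Parse a raw IPv4+TCP packet and return the four fields passive
    fingerprinting studies: ttl, tos, df (bool) and the TCP window size."""
    (ver_ihl, tos, _total_len, _ident, flags_frag,
     ttl, proto, _csum, _src, _dst) = struct.unpack(IPV4_HDR, packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes (options included)
    (_sport, _dport, _seq, _ack, _off_flags,
     window, _tcsum, _urg) = struct.unpack(TCP_HDR, packet[ihl:ihl + 20])
    return {"ttl": ttl, "tos": tos, "df": bool(flags_frag & IP_DF), "window": window}


def build_syn_packet(ttl: int, tos: int, df: bool, window: int) -> bytes:
    """Construct a minimal 40-byte IPv4+TCP SYN (checksums left at zero) for the demo.
    Addresses are documentation ranges, chosen arbitrarily."""
    ip = struct.pack(IPV4_HDR, 0x45, tos, 40, 0, IP_DF if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack(TCP_HDR, 1025, 80, 1, 0, (5 << 12) | 0x02, window, 0, 0)
    return ip + tcp


def guess_os(fields: dict) -> str:
    """The page's rule: window 9000, TOS 0 and DF set -> Windows 9x / Windows NT."""
    if fields["window"] == 9000 and fields["tos"] == 0 and fields["df"]:
        return "Windows 9x / Windows NT"
    return "unknown"
```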
Cyber Crimes
SPYWARES
Dangers:-
a) Spying on activities.
b) Stealing the victim's secret passwords.
c) Misuse of computer memory for the attacker's own malicious or non-malicious purposes.
Virus: - A Definition
Worms:-
DoS Attack
In a DoS attack, the attacker chokes the target system with an unending stream of data and hence crashes it.
Technical Definition:-
http://www.domain.com/index.asp?querystring=sports
http://www.domain.com/index.asp?querystring=sports’ or 1=1-
NOTE:-
The query will evaluate to true and hence will display all records.
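The injection above, as an added example that is not from the original notes: the vulnerable query built by string concatenation next to its parameterized form, both run against a constructed in-memory SQLite table standing in for the records behind index.asp. The payload uses the two-dash SQL comment `--`, the standard form of the `1=1-` shown on the page, so that the original closing quote is discarded.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; the 'private' row is what a WHERE clause is meant to hide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, category TEXT, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "sports", "Cup final report"),
        (2, "politics", "Budget vote"),
        (3, "private", "Unpublished draft"),
    ])
    return conn


def search_vulnerable(conn, querystring: str) -> list:
    """Builds the SQL by concatenating the request parameter, as index.asp above does.
    With querystring = "sports' or 1=1--" the statement becomes
        SELECT title FROM articles WHERE category = 'sports' or 1=1--' ORDER BY id
    and the WHERE clause is true for every row."""
    sql = "SELECT title FROM articles WHERE category = '" + querystring + "' ORDER BY id"
    return sorted(row[0] for row in conn.execute(sql))


def search_parameterized(conn, querystring: str) -> list:
    """Hardened form: the value is bound as a parameter, so it can only ever be
    compared against the category column and never changes the SQL structure."""
    sql = "SELECT title FROM articles WHERE category = ? ORDER BY id"
    return sorted(row[0] for row in conn.execute(sql, (querystring,)))
```

With the payload, the parameterized version simply looks for a category literally named `sports' or 1=1--` and returns nothing.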
Cryptography
1. RSA
2. MD5
3. SHA
4. SSL
5. PGP
6. SSH
7. Encryption Cracking Techniques
In this system, each person gets a pair of keys, called the public key and the private key.
Each person's public key is published while the private key is kept secret.
Anyone can send a confidential message just using public information, but it can only be decrypted with a private key that is in the sole possession of the intended recipient.
RSA
RSA is a public-key cryptosystem developed by MIT professors Ronald L. Rivest, Adi Shamir and Leonard M. Adleman in 1977, in an effort to help ensure Internet encryption standards.
MD5
SHA
The algorithm is slightly slower than MD5, but its larger message digest makes it more secure against brute-force collision and inversion attacks.
SSL
SSL stands for Secure Sockets Layer; it is a protocol developed by Netscape for transmitting private documents via the Internet.
SSL works by using a private key to encrypt data that is transferred over the SSL connection.
RC5
SSH
The program SSH (Secure Shell) is a secure replacement for telnet and the Berkeley r-utilities (rlogin, rsh, rcp and rdist).
SSH2 is a more secure, efficient and portable version of SSH that includes SFTP, an FTP tunneled over SSH2.